stefanprodan#54 Support for HTTP private Helm chart repositories

avaleo · Dec 10, 2020 · 249b5dc · 249b5dc
1 parent cd681d2
commit 249b5dc
Show file tree

Hide file tree

Showing 4 changed files with 106 additions and 8 deletions.
diff --git a/README.md b/README.md
@@ -76,7 +76,8 @@ PASS - flagger/templates/deployment.yaml contains a valid Deployment
 
 ## Usage with private charts repositories
 
-To allow the action to be able to clone private charts repositories, you must [create a GitHub private access token](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line) and [add it as a secret](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets#creating-encrypted-secrets) to the target repository. NOTE: secret names *cannot* start with `GITHUB_` as these are reserved.
+### Private GitHub/GitLab repository
+To allow the action to be able to clone charts from private GitHub repositories, you must [create a GitHub private access token](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line) and [add it as a secret](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets#creating-encrypted-secrets) to the target repository. NOTE: secret names *cannot* start with `GITHUB_` as these are reserved.
 
 You can then pass the secret (in this case, `GH_TOKEN`) into the action like so:
 ```yaml
@@ -97,6 +98,10 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
 ```
 
+Gitlab CI Token is also possible using `GITLAB_CI_TOKEN`.
+
+### AWS S3
+
 If you set `awsS3Repo: true`,  make sure you set the appropriate environment variables for helm s3 plugin to work.  Example:
 ```yaml
 name: CI
@@ -123,7 +128,49 @@ jobs:
 
 ```
 
-Gitlab CI Token is also possible using `GITLAB_CI_TOKEN`.
+### HTTP(S) Helm chart repository
+
+To allow fetching Helm charts from private Helm chart repositories you need to 
+pass a list of Helm repositories in `HTTP_PRIVATE_CHART_REPOS` environment variable as JSON.
+
+```json
+{
+  "repositories": [
+    {
+      "url": "https://raw.githubusercontent.com/username/helm-chart-repository/master/",
+      "username": "YOUR_USERNAME",
+      "password": "YOUR_PASSWORD"
+    },
+    {
+      "url": "https://raw.githubusercontent.com/username/another-helm-chart-repository/master/",
+      "username": "YOUR_USERNAME",
+      "password": "YOUR_PASSWORD"
+    }
+  ]
+}
+```
+
+It should be passed [as a secret](https://docs.github.com/en/free-pro-team@latest/actions/reference/encrypted-secrets#creating-encrypted-secrets)
+to keep credentials secure.
+
+```yaml
+name: CI
+
+on: [push, pull_request]
+
+jobs:
+  hrval:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - name: Validate Helm Releases in test dir
+        uses: stefanprodan/hrval-action@master
+        with:
+          helmRelease: test/
+        env:
+          HTTP_PRIVATE_CHART_REPOS: ${{ secrets.HTTP_PRIVATE_CHART_REPOS }}
+```
+
 
 ## Usage with pull requests containing changes of Helm chart source located in base repository branch
 

diff --git a/action.yml b/action.yml
@@ -45,3 +45,5 @@ runs:
     - ${{ inputs.awsS3RepoName }}
     - ${{ inputs.awsS3RepoPlugin }}
     - ${{ inputs.helmSourcesCacheEnabled }}
+  env:
+    HTTP_PRIVATE_CHART_REPOS: ${{ secrets.HTTP_PRIVATE_CHART_REPOS }}
diff --git a/src/hrval-all.sh b/src/hrval-all.sh
@@ -12,6 +12,34 @@ AWS_S3_REPO_NAME=${6-""}
 AWS_S3_PLUGIN="${7-""}"
 HELM_SOURCES_CACHE_ENABLED=${8-""}
 
+function configurePrivateChartRepositories() {
+
+  local tempDir="$(mktemp -d)"
+  echo $HTTP_PRIVATE_CHART_REPOS > $tempDir/repositories.json
+  local numberOfRepositories=$(yq r $tempDir/repositories.json --length repositories)
+
+  for (( i = 0; i < $numberOfRepositories; i++ )); do
+      local url=$(yq r $tempDir/repositories.json repositories[$i].url)
+      local username=$(yq r $tempDir/repositories.json repositories[$i].username)
+      local password=$(yq r $tempDir/repositories.json repositories[$i].password)
+      local repoMD5=$(/bin/echo $url | /usr/bin/md5sum | cut -f1 -d" ")
+
+      >&2 echo "Adding Helm chart repository '$url'"
+      if [[ ${HELM_VER} == "v3" ]]; then
+        helmv3 repo add "$repoMD5" "${url}" --username "${username}" --password "${password}"
+        helmv3 repo update
+      else
+        helm repo add "$repoMD5" "${url}" --username "${username}" --password "${password}"
+        helm repo update
+      fi
+  done
+}
+
+if [[ -v HTTP_PRIVATE_CHART_REPOS ]]; then
+  echo "Configuring Helm chart repositories"
+  configurePrivateChartRepositories
+fi
+
 if [ "${HELM_SOURCES_CACHE_ENABLED}" == "true" ]; then
   CACHEDIR=$(mktemp -d)
 else

diff --git a/src/hrval.sh b/src/hrval.sh
@@ -33,13 +33,34 @@ function download {
 
   CHART_REPO_MD5=$(/bin/echo "${CHART_REPO}" | /usr/bin/md5sum | cut -f1 -d" ")
 
-  if [[ "${HELM_VER}" == "v3" ]]; then
-    helmv3 repo add "${CHART_REPO_MD5}" "${CHART_REPO}"
-    helmv3 repo update
+
+  if [[ ${HELM_VER} == "v3" ]]; then
+    if [[ $(helmv3 repo list -o yaml  | yq r - "[*].name" | grep $CHART_REPO_MD5) == $CHART_REPO_MD5 ]]; then
+      CHART_REPO_ALREADY_ADDED=true
+    else
+      CHART_REPO_ALREADY_ADDED=false
+    fi
+  else
+    if [[ $(helm repo list -o yaml  | yq r - "[*].Name" | grep $CHART_REPO_MD5) == $CHART_REPO_MD5 ]]; then
+      CHART_REPO_ALREADY_ADDED=true
+    else
+      CHART_REPO_ALREADY_ADDED=false
+    fi
+  fi
+
+  if [[ "$CHART_REPO_ALREADY_ADDED" = false ]]; then
+    if [[ "${HELM_VER}" == "v3" ]]; then
+      helmv3 repo add "${CHART_REPO_MD5}" "${CHART_REPO}"
+      helmv3 repo update
+    else
+      helm repo add "${CHART_REPO_MD5}" "${CHART_REPO}"
+      helm repo update
+    fi
+  fi
+
+  if [[ ${HELM_VER} == "v3" ]]; then
     helmv3 fetch --version "${CHART_VERSION}" --untar "${CHART_REPO_MD5}/${CHART_NAME}" --untardir "${2}"
   else
-    helm repo add "${CHART_REPO_MD5}" "${CHART_REPO}"
-    helm repo update
     helm fetch --version "${CHART_VERSION}" --untar "${CHART_REPO_MD5}/${CHART_NAME}" --untardir "${2}"
   fi
 
@@ -168,7 +189,7 @@ function validate {
   HELM_RELEASE_NAMESPACE=$(yq r "${HELM_RELEASE}" metadata.namespace)
 
   if [[ "${IGNORE_VALUES}" == "true" ]]; then
-    echo "Ingnoring Helm release values"
+    echo "Ignoring Helm release values"
     echo "" > "${TMPDIR}/${HELM_RELEASE_NAME}.values.yaml"
   else
     echo "Extracting values to ${TMPDIR}/${HELM_RELEASE_NAME}.values.yaml"